Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adware_bho_webdir, Win32.rootkit.agent?


  • This topic is locked This topic is locked
7 replies to this topic

#1 Princess Artemis

Princess Artemis

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 28 February 2008 - 09:57 PM

Essentially, I started this odyssey of scanning and such after I got a call from my bank about what turned out to be a fraudulent charge on my credit card. This happened the day after I signed up with Netflix, so I had a suspicion that somehow it got nabbed while I was inputting it into the site.

Anyhow, I have Trend Micro's PC-cillin IS, and it regularly scans my computer for viruses and such, but nothing had turned up, and after I got the call and had to cancel the card, I scanned again and turned up nothing. So said, I did some poking around for spyware programs and such, ended up with HijackThis!, which I had used before but didn't have currently installed. Then, I came along here, saw the instructions for posting such a log.

I followed them as best I could, and Ad-Aware picked up Win32.Rootkit.Agent and about 200 suspicious cookies. So I deleted them, and after a reboot and another Ad-Aware scan, it showed merely 100 or so suspicious cookies...which were identical to what it had allegedly deleted already. But it didn't show Win32.Rootkit.Agent, so I thought to proceed. I used to have Spybot S&D, but PC-cillin made me uninstall it the last time I got a new subscription. Anyhow, I downloaded it and reinstalled it, updated, immunized...only to have PC-cillin go bonkers about over 70,000 low risk changes being made to my computer! Perhaps foolishly, I forged ahead because I have used Spybot before and trusted it. A scan pulled up a large number of things to delete, so delete them I did. Another reboot, and Spybot spotted something trying to change something, but I allowed it because the reboot was prompted by a PC-cillin update.

Then I tried another Ad-Aware scan, and while doing so, suddenly PC-cillin was warning me about adware_bho_webdir trying to install. Denied it several times. Ad-Aware found the same 100 or so cookies it found the first two scans, deleted them, ran Spybot, it also found the same things it found the time before to delete...tried to delete them. Ran Trend Micro's HouseCall (I use Firefox), and it found nothing. McAfee Stinger found nothing. I have a firewall through PC-cillin. I ran PC-cillin's scan again, and this time it picked up a scad of odd websites from somewhere, all associated with 271.0.0.1. Went ahead and deleted them. A third scan turned up nothing.

After another reboot, again, PC-cillin was warning me about adware_boh_webdir, denied that a bunch of times again. Anyhow, that's about where I stand right now--somehow it seems I got adware_bho_webdir while trying to find out if I had a virus in the first place...and those cookies just will not delete.

I tried Windows update--sorry, my copy of XP came with SP2, so I could hardly do anything about that! All it found were upgrades for .Net framework 2.0 and 3.0, but for some reason, the update for 3.0 won't install. (I also have incidental problems with my tablet driver not booting up, and the last boot, Catalyst Control Center (which I do use for my dual monitors) quite for unexplained reasons).

Anyhow, this is my HijackThis! log...I'd like to know primarily if there's anything hiding that could have been used to grab my credit card number, but I'm also concerned about the undeleteable cookies and uninstallable Windows updates. As an aside, I certainly wouldn't mind any advice on getting rid of programs that slow my comp down. I am running Folding@Home on one of my CPUs and can quit it at any time, so I'm not concerned about that.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:48 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_81.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - d:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8745 bytes

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:24 AM

Posted 09 March 2008 - 01:31 PM

Hi Princess Artemis and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It's clean. We'll take a deeper look in a minute.

Can you save a copy of whatever it is that your anti-virus is finding and where it is finding it. It might just be harmless but we should check it out.

As for the cookies, cookies really aren't a big issue. There could be a number of reasons for why they show up. Almost every website that is visited will put cookies on a machine. It could be that after cleaning htem, when going back to any particular site that they are placed again. Or, depending on the cleaner used, some will not remove cookies unless they are older than a specific date. In and of themselves, cookies don't do anything so that should n't be a big deal. We'll clean those out as well with a different cleaner.

Follow these steps in order:

Before running a new scan let's clean out the temporoary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Princess Artemis

Princess Artemis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 09 March 2008 - 03:21 PM

Thank you for your help! Good to hear there's nothing hiding in there. Ad-Aware did eventually fail to find the cookies I couldn't get it to delete, so...I guess they weren't undeletable, they were just persistent.

This is what my virus scanner has been catching and blocking--I noticed there's AVICodecPackPlus2.exe in there associated with Adware_BHO_Webdir that I know I didn't download recently; I'm pretty sure I did DL it, but it was months ago and my scanner only recently started being bothered by it. Sorry it's not terribly readable, I guess Trend Micro PC-Cillin doesn't like exporting logs as text.

"Spyware Scan Logs","2008/03/01"
"Time","Area","Item Name","Detected Resource","Target","Action"
"16:44","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029382.exe","Detected"
"16:44","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029383.dll","Detected"
"Spyware Scan Logs","2008/02/29"
"Time","Area","Item Name","Detected Resource","Target","Action"
"16:35","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029382.exe","Detected"
"17:09","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029382.exe","Detected"
"17:40","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029382.exe","Detected"
"Spyware Scan Logs","2008/02/28"
"Time","Area","Item Name","Detected Resource","Target","Action"
"10:45","File System","Adware_BHO_Webdir","C:\Personal\downloads\codecs\","AVICodecPackPlus2.exe","Detected"
"10:46","File System","Adware_BHO_Webdir","C:\Personal\downloads\codecs","AVICodecPackPlus2.exe","Quarantined"
"11:01","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029382.exe","Detected"
"11:09","File System","Adware_BHO_Webdir","C:\WINDOWS\","VirtualDNS.dll","Detected"
"11:10","File System","Adware_BHO_Webdir","C:\WINDOWS","VirtualDNS.dll","Quarantined"
"12:39","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029382.exe","Detected"
"12:39","File System","Adware_BHO_Webdir","C:\System Volume Information\_restore{AF258D3C-F2BF-41F4-8893-69AFD6106C40}\RP207\","A0029383.dll","Detected"
System","Adware_BHO_Webdir","C:\WINDOWS\","VirtualDNS.dll","Detected"

I followed your instructions for the two programs--this is WinPFind35u log file. I turned off my internet connection and IS software and closed out as many programs as I could from my systray before running it.

WinPFind35 logfile created on: 3/9/2008 12:55:38 PM
WinPFind35U Version 1.0.4.1	 Folder = C:\Documents and Settings\User\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 94.10% Memory free
4.00 Gb Paging File | 3.86 Gb Available in Paging File | 96.51% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.58 Gb Free Space | 35.67% Space Free | Partition Type: NTFS
Drive D: | 186.30 Gb Total Space | 140.82 Gb Free Space | 75.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 645.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GREENPC
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 12/20/2007 7:57:27 PM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 12/20/2007 7:57:27 PM | Attr =	]
aawservice.exe -> D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 2:27:08 PM | Attr =	]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 6/28/2007 4:06:52 AM | Attr =	]
incdsrv.exe -> D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 859136 bytes | Modified Date = 11/10/2006 5:18:42 PM | Attr =	]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 12/14/2006 6:49:10 PM | Attr =	]
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.4-4 | Size = 1197616 bytes | Modified Date = 6/4/2007 9:52:20 AM | Attr =	]
tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 6.0.4-4 | Size = 132656 bytes | Modified Date = 6/4/2007 9:53:00 AM | Attr =	]
tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.4-4 | Size = 1197616 bytes | Modified Date = 6/4/2007 9:52:20 AM | Attr =	]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 8:12:00 PM | Attr = R  ]
wdbtnmgr.exe -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 13, 0 | Size = 364544 bytes | Modified Date = 6/29/2007 1:32:47 AM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 270648 bytes | Modified Date = 6/28/2007 9:14:42 AM | Attr =	]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr =	]
mom.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe -> Advanced Micro Devices Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 12:13:56 PM | Attr =	]
incd.exe -> D:\Program Files\Nero\Nero 7\InCD\InCD.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 1051648 bytes | Modified Date = 11/10/2006 5:19:32 PM | Attr =	]
findfast.exe -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE ->  [Ver =  | Size = 111376 bytes | Modified Date = 8/19/1997 | Attr =	]
wpn111.exe -> %ProgramFiles%\NETGEAR\WPN111 Configuration Utility\WPN111.exe -> NETGEAR [Ver = 1, 2, 0, 2 | Size = 491606 bytes | Modified Date = 1/24/2005 4:58:24 PM | Attr =	]
osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE ->  [Ver =  | Size = 51984 bytes | Modified Date = 8/19/1997 | Attr =	]
ccc.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe -> ATI Technologies Inc. [Ver = 2.0.0.0 | Size = 49152 bytes | Modified Date = 7/17/2007 12:13:34 PM | Attr =	]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 6/28/2007 9:14:32 AM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.4.1 | Size = 310784 bytes | Modified Date = 3/8/2008 5:37:12 PM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 2:27:08 PM | Attr =	]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe ->  [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 6/29/2007 5:11:54 AM | Attr =	]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 6/28/2007 4:06:52 AM | Attr =	]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 12/20/2007 7:57:27 PM | Attr =	]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 12/20/2007 10:05:00 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] ->  -> File not found
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 859136 bytes | Modified Date = 11/10/2006 5:18:42 PM | Attr =	]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 6/28/2007 9:14:32 AM | Attr =	]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.136.1 | Size = 61440 bytes | Modified Date = 12/14/2006 6:49:10 PM | Attr =	]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 13, 0 | Size = 262144 bytes | Modified Date = 12/23/2006 6:54:04 PM | Attr =	]
(PcCtlCom) Trend Micro Central Control Component [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\PcCtlCom.exe -> Trend Micro Inc. [Ver = 15.30.0.1151 | Size = 1922576 bytes | Modified Date = 1/23/2007 2:27:16 PM | Attr =	]
(PcScnSrv) Trend Micro Protection Against Spyware  [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\PcScnSrv.exe -> Trend Micro Inc. [Ver = 15.30.0.1128 | Size = 214544 bytes | Modified Date = 12/29/2006 2:53:14 PM | Attr =	]
(TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 6.0.4-4 | Size = 1197616 bytes | Modified Date = 6/4/2007 9:52:20 AM | Attr =	]
(Tmntsrv) Trend Micro Real-time Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\Tmntsrv.exe -> Trend Micro Inc. [Ver = 15.30.0.1128 | Size = 480784 bytes | Modified Date = 12/29/2006 2:53:14 PM | Attr =	]
(TmPfw) Trend Micro Personal Firewall [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\TmPfw.exe -> Trend Micro Inc. [Ver = 3.2.0.1027 | Size = 943696 bytes | Modified Date = 12/29/2006 2:53:06 PM | Attr =	]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Trend Micro\Internet Security 2007\tmproxy.exe -> Trend Micro Inc. [Ver = 3.2.0.1024 | Size = 566872 bytes | Modified Date = 12/29/2006 2:53:10 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060701-2226) | Size = 36864 bytes | Modified Date = 7/1/2006 10:39:40 PM | Attr =	]
(AmdLLD) AMD Low Level Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AmdLLD.sys -> AMD, Inc. [Ver = 1.0.1.0 | Size = 34304 bytes | Modified Date = 6/29/2007 3:47:34 PM | Attr =	]
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(ASAPIW2k) ASAPIW2k [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\asapiW2k.sys -> Pinnacle Systems GmbH [Ver = 6, 0, 2, 27 | Size = 11264 bytes | Modified Date = 3/10/2004 5:27:18 PM | Attr =	]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ATHFMWDL) NETGEAR WPN111 Bootloader driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\athwpn.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.0 | Size = 43392 bytes | Modified Date = 10/14/2004 6:24:00 PM | Attr =	]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6764 | Size = 2843136 bytes | Modified Date = 12/20/2007 8:53:20 PM | Attr =	]
(BENDER) Pinnacle DV/AV Capture [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bender.sys -> Pinnacle Systems GmbH [Ver = 1.1.0.39 | Size = 180480 bytes | Modified Date = 9/25/2003 12:19:54 PM | Attr = R  ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DNINDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17149 bytes | Modified Date = 7/24/2003 12:10:34 PM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr =	]
(GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> E:\INSTALL\GMSIPCI.SYS -> File not found
(gsplittm) gsplittm [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\User\LOCALS~1\Temp\gsplittm.sys -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> Nero AG [Ver = 5, 5, 0, 11 | Size = 102912 bytes | Modified Date = 11/10/2006 5:15:44 PM | Attr =	]
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDPass.sys -> Nero AG [Ver = 5, 5, 0, 11 | Size = 31360 bytes | Modified Date = 11/10/2006 5:16:34 PM | Attr =	]
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDRm.sys -> Nero AG [Ver = 5, 5, 0, 11 | Size = 33792 bytes | Modified Date = 11/10/2006 5:17:50 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5345 built by: WinDDK | Size = 4405248 bytes | Modified Date = 12/21/2006 1:26:00 AM | Attr = R  ]
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MarvinBus) Pinnacle Marvin Bus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MarvinBus.sys -> Pinnacle Systems GmbH [Ver = 2.1.0.12 | Size = 171008 bytes | Modified Date = 1/28/2005 4:36:00 PM | Attr =	]
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.10 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.10 | Size = 15890 bytes | Modified Date = 6/29/2007 1:23:04 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0687 built by: WinDDK | Size = 105344 bytes | Modified Date = 8/21/2006 3:24:28 AM | Attr = R  ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.06531 | Size = 57856 bytes | Modified Date = 9/11/2006 4:45:36 AM | Attr = R  ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.03.06531 | Size = 19968 bytes | Modified Date = 9/11/2006 4:45:38 AM | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCLEPCI) PCLEPCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Pclepci.sys -> Pinnacle Systems GmbH [Ver = 1.06 | Size = 14165 bytes | Modified Date = 3/19/2002 10:29:16 AM | Attr =	]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PsSdk30) PsSdk30 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\PsSdk30.drv -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 10/19/2007 5:56:10 PM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tmcfw) Trend Micro Common Firewall Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TM_CFW.sys -> Trend Micro Inc. [Ver = 3.2.0.1024 | Size = 288848 bytes | Modified Date = 12/29/2006 2:53:52 PM | Attr =	]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Modified Date = 1/24/2007 6:45:46 PM | Attr =	]
(tmmbd) Trend Micro MBD Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tm_mbd_c.sys -> Trend Micro Inc. [Ver = 3.2.0.1028 | Size = 111888 bytes | Modified Date = 12/29/2006 2:53:52 PM | Attr =	]
(tmpreflt) tmpreflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 35856 bytes | Modified Date = 9/17/2007 2:40:44 PM | Attr =	]
(tmtdi) Trend Micro TDI Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tmtdi.sys -> Trend Micro Incorporated. [Ver = 3.2.0.1024 built by: WinDDK | Size = 75088 bytes | Modified Date = 12/29/2006 2:53:52 PM | Attr =	]
(tmxpflt) tmxpflt [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 202768 bytes | Modified Date = 9/17/2007 2:40:48 PM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(USBIO) USBIO Driver (usbio.sys) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbio.sys -> Thesycon GmbH, Germany [Ver = 1.42.572 | Size = 19805 bytes | Modified Date = 5/7/2001 3:56:02 AM | Attr = R  ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(vsapint) vsapint [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.550-1001 | Size = 1126072 bytes | Modified Date = 9/17/2007 2:31:22 PM | Attr =	]
(wacommousefilter) Wacom Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacommousefilter.sys -> Wacom Technology [Ver = 1.2.0002.0 | Size = 11312 bytes | Modified Date = 2/16/2007 11:12:36 AM | Attr =	]
(wacomvhid) Wacom Virtual Hid Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wacomvhid.sys -> Wacom Technology [Ver = 2.8.0000.0 | Size = 12848 bytes | Modified Date = 2/16/2007 10:30:12 AM | Attr =	]
(WacomVKHid) Virtual Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\WacomVKHid.sys -> Wacom Technology [Ver = 1.1.0000.0 | Size = 11440 bytes | Modified Date = 2/15/2007 4:11:28 PM | Attr =	]
(WDC_SAM) WD SCSI Pass Thru driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wdcsam.sys -> Western Digital Technologies [Ver = 1, 0, 6, 0 | Size = 10112 bytes | Modified Date = 9/7/2006 2:16:06 PM | Attr = R  ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WPN111.sys -> NETGEAR, Inc. [Ver = 1, 0, 1, 1007 | Size = 286720 bytes | Modified Date = 1/6/2005 7:07:40 PM | Attr = R  ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 8:51:55 PM | Attr =	]
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 3:43:00 AM | Attr = R  ]
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe -> AMD [Ver = 1, 1, 3, 0 | Size = 77824 bytes | Modified Date = 7/23/2007 12:06:28 PM | Attr =	]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 2:22:02 PM | Attr =	]
InCD -> D:\Program Files\Nero\Nero 7\InCD\InCD.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 1051648 bytes | Modified Date = 11/10/2006 5:19:32 PM | Attr =	]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 270648 bytes | Modified Date = 6/28/2007 9:14:42 AM | Attr =	]
KernelFaultCheck ->  -> File not found
MSPY2002 -> %SystemRoot%\system32\IME\PINTLGNT\IMSCINST.EXE ->  [Ver =  | Size = 59392 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 4:40:44 PM | Attr =	]
pccguide.exe -> %ProgramFiles%\Trend Micro\Internet Security 2007\pccguide.exe -> Trend Micro Inc. [Ver = 15.30.0.1151 | Size = 3429904 bytes | Modified Date = 1/23/2007 2:26:26 PM | Attr =	]
PinnacleDriverCheck -> %SystemRoot%\system32\PSDrvCheck.exe ->  [Ver = 1.0.0.63 | Size = 406016 bytes | Modified Date = 3/10/2004 5:26:10 PM | Attr =	]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr =	]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr =	]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.1.4 | Size = 16062464 bytes | Modified Date = 12/18/2006 8:12:00 PM | Attr = R  ]
SkyTel -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 3:04:00 AM | Attr = R  ]
StartCCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ->  [Ver =  | Size = 90112 bytes | Modified Date = 11/10/2006 1:35:24 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
WD Button Manager -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 13, 0 | Size = 364544 bytes | Modified Date = 6/29/2007 1:32:47 AM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 12:43:40 PM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE ->  [Ver =  | Size = 111376 bytes | Modified Date = 8/19/1997 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WPN111 Configuration Utility\WPN111.exe -> NETGEAR [Ver = 1, 2, 0, 2 | Size = 491606 bytes | Modified Date = 1/24/2005 4:58:24 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE ->  [Ver =  | Size = 51984 bytes | Modified Date = 8/19/1997 | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\WD Backup Monitor.lnk -> %ProgramFiles%\My Book\WD Backup\uBBMonitor.exe -> ArcSoft, Inc. [Ver = 1.0.0.1 | Size = 98304 bytes | Modified Date = 12/24/2005 3:00:54 PM | Attr =	]
< User Startup Folder > -> C:\Documents and Settings\User\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\Folding@Home 5.03.lnk -> %ProgramFiles%\Folding@Home\winFAH.exe -> Stanford University [Ver = 5, 0, 3, 0 | Size = 323584 bytes | Modified Date = 11/9/2004 11:45:06 AM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 12/20/2007 7:58:55 PM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
< HOSTS File > (224986 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4241 domain(s) found. -> 
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4240 domain(s) found. -> 
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> d:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> d:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 12:43:28 PM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Copy to Semagic -> %ProgramFiles%\Semagic\copy.htm ->  [Ver =  | Size = 267 bytes | Modified Date = 8/10/2007 11:08:00 AM | Attr =	]
Semagic -> %ProgramFiles%\Semagic\link.htm ->  [Ver =  | Size = 186 bytes | Modified Date = 8/10/2007 11:08:00 AM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1928C074-F76A-4FBA-9250-8FE37D7503C7} ->	(NVIDIA nForce Networking Controller) -> 
{1AD561F1-7BE0-4875-9FD1-3A53DCC2D9B1} ->	(1394 Net Adapter) -> 
{8B26742F-BBDB-4EF2-865F-A11412BE73A2} ->	() -> 
{9AFD1B7D-8602-46B1-9135-BFAF7D59C2C6} ->	(1394 Net Adapter) -> 
{C4695C7C-00DF-44FF-910E-75D7B64AA9BE} ->	(NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) -> 
{DBB37E05-5797-493F-998B-CFC6944B30D6} ->	(NVIDIA nForce Networking Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1824 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 22248 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.3.0.54 | Size = 15330616 bytes | Modified Date = 6/28/2007 9:14:36 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] ->  [Ver =  | Size = 43008 bytes | Modified Date = 3/1/2007 4:11:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 2:22:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Created Date = 2/28/2008 6:33:26 PM | Attr =	]
usbio.sys -> %SystemRoot%\System32\drivers\usbio.sys -> Thesycon GmbH, Germany [Ver = 1.42.572 | Size = 19805 bytes | Created Date = 2/22/2008 7:34:27 PM | Attr = R  ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/27/2008 8:07:25 PM | Attr =	]
Nero -> %AllUsersProfile%\Application Data\Nero ->  [Folder | Created Date = 2/24/2008 4:44:48 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/27/2008 9:14:26 PM | Attr =	]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead ->  [Folder | Created Date = 2/24/2008 4:54:09 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1648 bytes | Created Date = 2/27/2008 8:07:28 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1648 bytes | Created Date = 2/27/2008 8:07:28 PM | Attr =	]
Nero Home Essentials SE.lnk -> %AllUsersProfile%\Desktop\Nero Home Essentials SE.lnk ->  [Ver =  | Size = 1341 bytes | Created Date = 2/24/2008 4:50:51 PM | Attr =	]
Nero Online Upgrade.lnk -> %AllUsersProfile%\Desktop\Nero Online Upgrade.lnk ->  [Ver =  | Size = 1879 bytes | Created Date = 2/24/2008 4:50:51 PM | Attr =	]
Nero StartSmart Essentials.lnk -> %AllUsersProfile%\Desktop\Nero StartSmart Essentials.lnk ->  [Ver =  | Size = 1417 bytes | Created Date = 2/24/2008 4:50:51 PM | Attr =	]
atari_classics_evolved -> %UserProfile%\Desktop\atari_classics_evolved ->  [Folder | Created Date = 2/25/2008 2:53:24 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 3/9/2008 12:47:44 PM | Attr =	]
desktop sc 3 -> %UserProfile%\Desktop\desktop sc 3 ->  [Folder | Created Date = 3/7/2008 2:08:19 PM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Created Date = 2/27/2008 2:04:42 PM | Attr =	]
mando'agrammar.htm -> %UserProfile%\Desktop\mando'agrammar.htm ->  [Ver =  | Size = 6095 bytes | Created Date = 3/6/2008 9:32:59 AM | Attr =	]
MandoaupdateOct07.xls -> %UserProfile%\Desktop\MandoaupdateOct07.xls ->  [Ver =  | Size = 139776 bytes | Created Date = 3/3/2008 4:15:14 PM | Attr =	]
McafeeRootkitDetective -> %UserProfile%\Desktop\McafeeRootkitDetective ->  [Folder | Created Date = 2/27/2008 9:39:49 PM | Attr =	]
PMMEasyMode -> %UserProfile%\Desktop\PMMEasyMode ->  [Folder | Created Date = 2/20/2008 7:30:49 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 793 bytes | Created Date = 2/27/2008 9:14:28 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Created Date = 2/27/2008 9:30:24 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Created Date = 2/28/2008 9:22:14 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/9/2008 12:51:37 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Created Date = 3/9/2008 12:51:01 PM | Attr =	]
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Created Date = 2/24/2008 4:44:48 PM | Attr =	]
LightScribe -> %CommonProgramFiles%\LightScribe ->  [Folder | Created Date = 2/24/2008 4:51:15 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 2/27/2008 8:06:12 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
ffastun.ffa -> %SystemDrive%\ffastun.ffa ->  [Ver =  | Size = 4689 bytes | Modified Date = 3/9/2008 12:48:43 PM | Attr =  H ]
ffastun.ffl -> %SystemDrive%\ffastun.ffl ->  [Ver =  | Size = 2088960 bytes | Modified Date = 3/9/2008 12:48:41 PM | Attr =  H ]
ffastun.ffo -> %SystemDrive%\ffastun.ffo ->  [Ver =  | Size = 733184 bytes | Modified Date = 3/9/2008 12:48:43 PM | Attr =  H ]
ffastun0.ffx -> %SystemDrive%\ffastun0.ffx ->  [Ver =  | Size = 8613888 bytes | Modified Date = 3/9/2008 12:48:41 PM | Attr =  H ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/7/2008 2:09:17 PM | Attr = R  ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/9/2008 8:48:45 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 3/9/2008 12:52:07 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 224986 bytes | Modified Date = 2/28/2008 4:40:29 PM | Attr =	]
hosts.bak -> %SystemRoot%\System32\drivers\etc\hosts.bak ->  [Ver =  | Size = 227676 bytes | Modified Date = 2/27/2008 9:16:11 PM | Attr = R  ]
tmvsthfss.bin -> %SystemRoot%\System32\drivers\etc\tmvsthfss.bin ->  [Ver =  | Size = 224986 bytes | Modified Date = 3/9/2008 12:51:11 PM | Attr =	]
tmvsthfud.bin -> %SystemRoot%\System32\drivers\etc\tmvsthfud.bin ->  [Ver =  | Size = 224986 bytes | Modified Date = 3/9/2008 12:52:07 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/28/2008 3:09:30 PM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/9/2008 12:52:04 PM | Attr =	]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,0,201,0 | Size = 98304 bytes | Modified Date = 2/28/2008 12:17:17 PM | Attr =	]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 2/24/2008 4:42:13 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/13/2008 7:45:52 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/28/2008 6:33:26 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 70066 bytes | Modified Date = 3/9/2008 8:35:04 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 435920 bytes | Modified Date = 3/9/2008 8:35:04 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 515688 bytes | Modified Date = 3/9/2008 8:35:04 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 3/9/2008 8:31:05 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/13/2008 3:25:13 AM | Attr =  H ]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/28/2008 6:27:55 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/9/2008 8:30:56 AM | Attr =   S]
dlgeditor.ini -> %SystemRoot%\dlgeditor.ini ->  [Ver =  | Size = 553 bytes | Modified Date = 2/25/2008 9:39:50 AM | Attr =	]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 2/13/2008 7:45:30 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 7:45:49 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/28/2008 3:07:59 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/7/2008 2:09:20 PM | Attr =  HS]
kgff.ini -> %SystemRoot%\kgff.ini ->  [Ver =  | Size = 457 bytes | Modified Date = 3/9/2008 10:40:03 AM | Attr =	]
mikro.ini -> %SystemRoot%\mikro.ini ->  [Ver =  | Size = 400 bytes | Modified Date = 2/26/2008 9:27:05 AM | Attr =	]
pchealth -> %SystemRoot%\pchealth ->  [Folder | Modified Date = 3/7/2008 2:01:16 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/9/2008 12:52:50 PM | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 3/9/2008 8:31:17 AM | Attr =  H ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/9/2008 12:52:35 PM | Attr =	]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 3/9/2008 12:52:10 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/28/2008 3:15:25 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/9/2008 8:31:00 AM | Attr =  H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5344 bytes | Modified Date = 2/28/2008 3:13:38 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6594 bytes | Modified Date = 2/28/2008 3:13:38 PM | Attr =	]
First15.exe -> C:\Documents and Settings\User\Local Settings\Temp\First15.exe -> Macromedia, Inc. [Ver = 6,0,21,0 | Size = 1453843 bytes | Modified Date = 9/27/2005 9:09:12 PM | Attr = R  ]
VP6Install.exe -> C:\Documents and Settings\User\Local Settings\Temp\VP6Install.exe ->  [Ver =  | Size = 23040 bytes | Modified Date = 9/27/2005 9:11:23 PM | Attr = R  ]
xmlUpdater.exe -> C:\Documents and Settings\User\Local Settings\Temp\xmlUpdater.exe ->  [Ver =  | Size = 100247 bytes | Modified Date = 8/7/2007 3:49:16 PM | Attr =	]
45 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> 
StudioWisePatch_L.exe -> C:\Documents and Settings\User\Local Settings\Temp\{3A553158-D76A-4678-AE98-8ABA865205FC}\{16E217EA-C3E0-402D-8D4F-6189DB74497A}\StudioWisePatch_L.exe ->  [Ver =  | Size = 4570587 bytes | Modified Date = 5/6/2005 5:36:02 PM | Attr =	]
50ComUpd.Exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\50ComUpd.Exe -> Microsoft Corporation [Ver = 5.00.2516.1900 | Size = 511747 bytes | Modified Date = 7/31/2001 12:59:22 AM | Attr =	]
q311542_WXP_SP1_x86_ENU.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\q311542_WXP_SP1_x86_ENU.exe ->  [Ver = 1.16 | Size = 208488 bytes | Modified Date = 2/21/2002 6:28:46 PM | Attr =	]
RSETPATH.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\RSETPATH.exe -> Pinnacle Systems [Ver = 1.40 | Size = 41219 bytes | Modified Date = 7/31/2001 12:57:08 AM | Attr =	]
WindowsXP-KB822603-x86-ARA.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ARA.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351008 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-CHS.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-CHS.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 348960 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-CHT.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-CHT.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 349472 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-CSY.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-CSY.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351520 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-DAN.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-DAN.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351008 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-DEU.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-DEU.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352032 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-ELL.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ELL.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 353568 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-ENU.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ENU.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 349472 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-ESN.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ESN.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352032 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-FIN.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-FIN.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351520 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-FRA.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-FRA.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352032 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-HEB.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-HEB.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 350496 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-HUN.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-HUN.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352544 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-ITA.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-ITA.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351520 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-JPN.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-JPN.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 350496 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-KOR.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-KOR.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 349472 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-NLD.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-NLD.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352032 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-NOR.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-NOR.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351008 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-PLK.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-PLK.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352544 bytes | Modified Date = 3/4/2004 1:08:36 PM | Attr =	]
WindowsXP-KB822603-x86-PTB.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-PTB.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351520 bytes | Modified Date = 3/4/2004 1:08:38 PM | Attr =	]
WindowsXP-KB822603-x86-PTG.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-PTG.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351520 bytes | Modified Date = 3/4/2004 1:08:38 PM | Attr =	]
WindowsXP-KB822603-x86-RUS.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-RUS.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 352032 bytes | Modified Date = 3/4/2004 1:08:38 PM | Attr =	]
WindowsXP-KB822603-x86-SVE.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-SVE.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351008 bytes | Modified Date = 3/4/2004 1:08:38 PM | Attr =	]
WindowsXP-KB822603-x86-TRK.exe -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\WindowsXP-KB822603-x86-TRK.exe -> Microsoft Corporation [Ver = 5.3.0018.1 (xpclnt_qfe.020226-1835) | Size = 351520 bytes | Modified Date = 3/4/2004 1:08:38 PM | Attr =	]
HList.exe -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User-2740\Tk\HList.exe -> ActiveState [Ver = 5.0.3.503 | Size = 114688 bytes | Modified Date = 10/22/2007 10:34:50 AM | Attr = R  ]
detect2k.exe -> C:\Documents and Settings\User\Local Settings\Temp\pft17~tmp\Disk1\detect2k.exe ->  [Ver =  | Size = 28672 bytes | Modified Date = 10/15/2004 3:37:58 PM | Attr =	]
detectxp.exe -> C:\Documents and Settings\User\Local Settings\Temp\pft17~tmp\Disk1\detectxp.exe ->  [Ver =  | Size = 28672 bytes | Modified Date = 10/15/2004 3:40:32 PM | Attr =	]
Setup.exe -> C:\Documents and Settings\User\Local Settings\Temp\pft17~tmp\Disk1\Setup.exe -> InstallShield Software Corporation [Ver = 6, 30, 100, 1255 | Size = 54784 bytes | Modified Date = 4/11/2001 6:28:48 PM | Attr =	]
setup.exe -> C:\Documents and Settings\User\Local Settings\Temp\Temporary Directory 1 for setup.zip\setup.exe -> Macrovision Corporation [Ver = 12.0.58849 | Size = 14712768 bytes | Modified Date = 9/7/2007 2:03:16 PM | Attr = R  ]
QTInstallerHelper.dll -> C:\Documents and Settings\User\Local Settings\Temp\QTInstallerHelper.dll ->  [Ver =  | Size = 69632 bytes | Modified Date = 9/23/2004 5:18:19 PM | Attr =	]
SIntf16.dll -> C:\Documents and Settings\User\Local Settings\Temp\SIntf16.dll ->  [Ver =  | Size = 12305 bytes | Modified Date = 2/24/2008 12:00:00 PM | Attr =	]
SIntf32.dll -> C:\Documents and Settings\User\Local Settings\Temp\SIntf32.dll ->  [Ver =  | Size = 20020 bytes | Modified Date = 2/24/2008 12:00:00 PM | Attr =	]
SIntfNT.dll -> C:\Documents and Settings\User\Local Settings\Temp\SIntfNT.dll ->  [Ver =  | Size = 24748 bytes | Modified Date = 2/24/2008 12:00:00 PM | Attr =	]
VP6VFW.dll -> C:\Documents and Settings\User\Local Settings\Temp\VP6VFW.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Modified Date = 9/27/2005 9:11:24 PM | Attr = R  ]
45 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> 
InsMagic.dll -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\InsMagic.dll ->  [Ver =  | Size = 36864 bytes | Modified Date = 1/31/2000 5:12:54 AM | Attr =	]
tefonts.dll -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\tefonts.dll -> Palladium Interactive [Ver = 1, 0, 0, 3 | Size = 36864 bytes | Modified Date = 6/14/2000 5:09:58 AM | Attr =	]
Uninst.dll -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Uninst.dll -> Pinnacle Systems [Ver = 1.5.0.3 | Size = 81920 bytes | Modified Date = 11/1/2001 10:15:28 AM | Attr =	]
UninW2k.dll -> C:\Documents and Settings\User\Local Settings\Temp\{714FB613-9EDB-48CA-9AA5-A77AF13B44FE}\{9E491AB7-4589-48CA-9CBB-874CB2788391}\UninW2k.dll -> Pinnacle Systems [Ver = 1.5.0.3 | Size = 86016 bytes | Modified Date = 11/1/2001 10:15:50 AM | Attr =	]
difxapi.dll -> C:\Documents and Settings\User\Local Settings\Temp\{747DDC58-4D35-4693-A7B5-1030682B62E8}\{C151CE54-E7EA-4804-854B-F515368B0798}\difxapi.dll -> Microsoft Corporation [Ver = 2.01 | Size = 337320 bytes | Modified Date = 5/16/2006 12:58:14 PM | Attr =	]
0e70205b23f4c095c6914fe4101a50bd.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\0e70205b23f4c095c6914fe4101a50bd.dll ->  [Ver =  | Size = 77824 bytes | Modified Date = 10/22/2007 1:03:33 PM | Attr = R  ]
1858e8ab849d8865dceffd49fa725006.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\1858e8ab849d8865dceffd49fa725006.dll ->  [Ver =  | Size = 163909 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
1b95eff0cdd1fc8ca1a2e739ac651b79.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\1b95eff0cdd1fc8ca1a2e739ac651b79.dll ->  [Ver =  | Size = 24682 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
1c999bf5f25e48cad36d6b721a62eb97.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\1c999bf5f25e48cad36d6b721a62eb97.dll ->  [Ver =  | Size = 159864 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
202f31b5ebc621a063bb8fdd02718f1d.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\202f31b5ebc621a063bb8fdd02718f1d.dll -> ActiveState Corporation [Ver = 8.4.5 | Size = 598080 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
264409ece6b2ab82d3343162ef502b39.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\264409ece6b2ab82d3343162ef502b39.dll ->  [Ver =  | Size = 28782 bytes | Modified Date = 9/13/2007 1:30:56 PM | Attr = R  ]
2a163aafed55dec10d63f95478f23fb9.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\2a163aafed55dec10d63f95478f23fb9.dll ->  [Ver =  | Size = 82037 bytes | Modified Date = 9/13/2007 1:30:49 PM | Attr = R  ]
2d888706df3a4784bac9f0dcf2789c25.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\2d888706df3a4784bac9f0dcf2789c25.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 2/7/2008 3:05:18 PM | Attr = R  ]
38cf0e29a140715a3bd160d2c8d2e27c.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\38cf0e29a140715a3bd160d2c8d2e27c.dll -> ActiveState Corporation [Ver = 8.4.5 | Size = 598109 bytes | Modified Date = 9/13/2007 1:30:47 PM | Attr = R  ]
3c9370520b4e1fb32be5e0cacacce9a9.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\3c9370520b4e1fb32be5e0cacacce9a9.dll ->  [Ver =  | Size = 20571 bytes | Modified Date = 9/13/2007 1:30:46 PM | Attr = R  ]
3f85f0530d6aef9985639aafadac2fc1.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\3f85f0530d6aef9985639aafadac2fc1.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
533c3946ba3f7bcd90f0a06813186a5b.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\533c3946ba3f7bcd90f0a06813186a5b.dll ->  [Ver =  | Size = 155648 bytes | Modified Date = 10/22/2007 1:03:33 PM | Attr = R  ]
5aae87e6620ab1cf1ec4dbd00266a2c1.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\5aae87e6620ab1cf1ec4dbd00266a2c1.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 10/22/2007 1:03:33 PM | Attr = R  ]
5f3a0c24f8486409da8dd749eb4e5948.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\5f3a0c24f8486409da8dd749eb4e5948.dll ->  [Ver =  | Size = 49254 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
77926685c9635357227dfe2f401ad5bc.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\77926685c9635357227dfe2f401ad5bc.dll ->  [Ver =  | Size = 49225 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
7a5d0b7c2441f2daf1c5eea19cf3a834.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\7a5d0b7c2441f2daf1c5eea19cf3a834.dll ->  [Ver =  | Size = 24697 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
7e571116e6983d90cf20286d6bbcb9e5.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\7e571116e6983d90cf20286d6bbcb9e5.dll ->  [Ver =  | Size = 28753 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
8146b01494036222cdc776dd52c1a832.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\8146b01494036222cdc776dd52c1a832.dll ->  [Ver =  | Size = 36961 bytes | Modified Date = 9/13/2007 1:30:47 PM | Attr = R  ]
90fb6a47f293603766c033947245d3c7.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\90fb6a47f293603766c033947245d3c7.dll ->  [Ver =  | Size = 86116 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
9dcc1ee602b6cb5bb8e4acad22194926.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\9dcc1ee602b6cb5bb8e4acad22194926.dll ->  [Ver =  | Size = 45129 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
a101fbd46ab62044ab7334471d3a54ea.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\a101fbd46ab62044ab7334471d3a54ea.dll ->  [Ver =  | Size = 49225 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
abcd38bf4810a378b8ee9d18fae299e3.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\abcd38bf4810a378b8ee9d18fae299e3.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
aeb7d0fb42b65921bc9f336d7ce537ba.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\aeb7d0fb42b65921bc9f336d7ce537ba.dll ->  [Ver =  | Size = 41062 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
b4161f6146116168b674f3ccf0d73a2f.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\b4161f6146116168b674f3ccf0d73a2f.dll ->  [Ver =  | Size = 32843 bytes | Modified Date = 10/22/2007 1:03:44 PM | Attr = R  ]
c0bc172a4f6b2d6a24bed6dcdf0efa24.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\c0bc172a4f6b2d6a24bed6dcdf0efa24.dll ->  [Ver =  | Size = 1122377 bytes | Modified Date = 10/22/2007 1:03:33 PM | Attr = R  ]
c18303bc541538ec687c2e4736df7b98.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\c18303bc541538ec687c2e4736df7b98.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
c19933b0daf80774a8c11c6ec1caa7bf.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\c19933b0daf80774a8c11c6ec1caa7bf.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
c8ceb6e8f4968634b8643eb32b388c2c.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\c8ceb6e8f4968634b8643eb32b388c2c.dll ->  [Ver =  | Size = 20480 bytes | Modified Date = 10/22/2007 1:03:33 PM | Attr = R  ]
c8d296a83f97e5d9d3e36b8246047200.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\c8d296a83f97e5d9d3e36b8246047200.dll ->  [Ver =  | Size = 32841 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
d2d0da4ed631f1e568cd99b4fe9332a5.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\d2d0da4ed631f1e568cd99b4fe9332a5.dll ->  [Ver =  | Size = 36970 bytes | Modified Date = 9/13/2007 1:32:09 PM | Attr = R  ]
d6d140f43f56ef226f208c4db97e3145.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\d6d140f43f56ef226f208c4db97e3145.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 10/22/2007 1:03:34 PM | Attr = R  ]
d775eb4ae6063fbf94466992b32b0b06.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\d775eb4ae6063fbf94466992b32b0b06.dll ->  [Ver =  | Size = 32872 bytes | Modified Date = 9/15/2007 5:34:22 PM | Attr = R  ]
d94932b91f93c0999f5460549eb6055e.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\d94932b91f93c0999f5460549eb6055e.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 2/7/2008 3:05:19 PM | Attr = R  ]
d9c3285ca386b3165f8cbc4fcb6f1e4e.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\d9c3285ca386b3165f8cbc4fcb6f1e4e.dll ->  [Ver =  | Size = 32866 bytes | Modified Date = 9/13/2007 1:30:48 PM | Attr = R  ]
da448330e0b0cf948b2e0da6204129ed.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\da448330e0b0cf948b2e0da6204129ed.dll ->  [Ver =  | Size = 32879 bytes | Modified Date = 9/13/2007 1:30:46 PM | Attr = R  ]
dbb6ffd197cbcbfd16a35dadd6c6124d.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\dbb6ffd197cbcbfd16a35dadd6c6124d.dll ->  [Ver =  | Size = 90183 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
e1154f13923e134b3f66897287ad9675.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\e1154f13923e134b3f66897287ad9675.dll ->  [Ver =  | Size = 36941 bytes | Modified Date = 2/1/2008 10:20:39 AM | Attr = R  ]
e7aaa0b7c894657eda670c762cae6cd0.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\e7aaa0b7c894657eda670c762cae6cd0.dll ->  [Ver =  | Size = 24671 bytes | Modified Date = 9/13/2007 1:30:47 PM | Attr = R  ]
eae52e64e7650ee0fa3642ef7e901c5a.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\eae52e64e7650ee0fa3642ef7e901c5a.dll ->  [Ver =  | Size = 53350 bytes | Modified Date = 9/13/2007 1:30:47 PM | Attr = R  ]
eb9a324484575899cf1bec33b43a56c2.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\eb9a324484575899cf1bec33b43a56c2.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 10/22/2007 1:03:35 PM | Attr = R  ]
fe3b806752eaccc40b50e4532d9b1159.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\fe3b806752eaccc40b50e4532d9b1159.dll ->  [Ver =  | Size = 24665 bytes | Modified Date = 9/13/2007 1:30:46 PM | Attr = R  ]
fe78322a8994bfeb4ede9420d8595321.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\fe78322a8994bfeb4ede9420d8595321.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 10/22/2007 1:03:33 PM | Attr = R  ]
perl58.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\22e73e9e15cd25ae504cc095b27f742d\perl58.dll -> ActiveState Tool Corp. [Ver = 5,8,0,804 | Size = 757760 bytes | Modified Date = 10/22/2007 1:03:32 PM | Attr =	]
perl58.dll -> C:\Documents and Settings\User\Local Settings\Temp\pdk-User\5420bff60c9e34033db6e36353a8c8d9\perl58.dll -> ActiveState [Ver = 5,8,8,816 | Size = 798801 bytes | Modified Date = 9/13/2007 1:30:46 PM | Attr =	]
Perflib_Perfdata_1e0.dat -> C:\Documents and Settings\User\Local Settings\Temp\Perflib_Perfdata_1e0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/28/2008 3:14:37 PM | Attr =	]
45 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> 
{AC76BA86-7AD7-1033-7B44-A81000000003}.ini -> C:\Documents and Settings\User\Local Settings\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini ->  [Ver =  | Size = 627 bytes | Modified Date = 12/27/2007 4:01:07 PM | Attr =	]
45 C:\Documents and Settings\User\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\User\Local Settings\Temp\*.tmp -> 
0x0407.ini -> C:\Documents and Settings\User\Local Settings\Temp\_is29\0x0407.ini ->  [Ver =  | Size = 6265 bytes | Modified Date = 6/29/2007 1:32:51 AM | Attr =	]
0x040a.ini -> C:\Documents and Settings\User\Local Settings\Temp\_is29\0x040a.ini ->  [Ver =  | Size = 6265 bytes | Modified Date = 6/29/2007 1:32:51 AM | Attr =	]
0x040c.ini -> C:\Documents and Settings\User\Local Settings\Temp\_is29\0x040c.ini ->  [Ver =  | Size = 6394 bytes | Modified Date = 6/29/2007 1:32:51 AM | Attr =	]
_ISMSIDEL.INI -> C:\Documents and Settings\User\Local Settings\Temp\_is29\_ISMSIDEL.INI ->  [Ver =  | Size = 429 bytes | Modified Date = 6/29/2007 1:32:51 AM | Attr =	]
Setup.ini -> C:\Documents and Settings\User\Local Settings\Temp\pft17~tmp\Disk1\Setup.ini ->  [Ver =  | Size = 115 bytes | Modified Date = 1/7/2005 2:58:48 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Application Data\Adobe ->  [Folder | Modified Date = 2/14/2008 5:18:45 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/27/2008 8:07:56 PM | Attr =	]
Nero -> %AllUsersProfile%\Application Data\Nero ->  [Folder | Modified Date = 2/24/2008 4:44:48 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/27/2008 9:39:03 PM | Attr =	]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 2/14/2008 5:18:45 PM | Attr =	]
Canon -> %AppData%\Canon ->  [Folder | Modified Date = 2/13/2008 7:28:44 PM | Attr =	]
OpenOffice.org2 -> %AppData%\OpenOffice.org2 ->  [Folder | Modified Date = 3/8/2008 4:23:21 PM | Attr =	]
WTablet -> %AppData%\WTablet ->  [Folder | Modified Date = 3/9/2008 8:31:06 AM | Attr =	]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead ->  [Folder | Modified Date = 2/24/2008 4:54:09 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 3/9/2008 10:57:50 AM | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 582 bytes | Modified Date = 2/25/2008 7:31:35 PM | Attr =	]
Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk ->  [Ver =  | Size = 1648 bytes | Modified Date = 2/27/2008 8:07:28 PM | Attr =	]
Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk ->  [Ver =  | Size = 1648 bytes | Modified Date = 2/27/2008 8:07:28 PM | Attr =	]
Nero Home Essentials SE.lnk -> %AllUsersProfile%\Desktop\Nero Home Essentials SE.lnk ->  [Ver =  | Size = 1341 bytes | Modified Date = 2/24/2008 4:50:51 PM | Attr =	]
Nero Online Upgrade.lnk -> %AllUsersProfile%\Desktop\Nero Online Upgrade.lnk ->  [Ver =  | Size = 1879 bytes | Modified Date = 2/24/2008 4:50:51 PM | Attr =	]
Nero StartSmart Essentials.lnk -> %AllUsersProfile%\Desktop\Nero StartSmart Essentials.lnk ->  [Ver =  | Size = 1417 bytes | Modified Date = 2/24/2008 4:50:51 PM | Attr =	]
atari_classics_evolved -> %UserProfile%\Desktop\atari_classics_evolved ->  [Folder | Modified Date = 2/25/2008 2:53:24 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/9/2008 12:47:43 PM | Attr =	]
Corel Painter 8.lnk -> %UserProfile%\Desktop\Corel Painter 8.lnk ->  [Ver =  | Size = 2307 bytes | Modified Date = 2/14/2008 4:25:14 PM | Attr =	]
desktop sc -> %UserProfile%\Desktop\desktop sc ->  [Folder | Modified Date = 3/9/2008 1:23:41 AM | Attr =	]
desktop sc 2 -> %UserProfile%\Desktop\desktop sc 2 ->  [Folder | Modified Date = 2/28/2008 11:37:21 AM | Attr =	]
desktop sc 3 -> %UserProfile%\Desktop\desktop sc 3 ->  [Folder | Modified Date = 3/9/2008 1:24:46 AM | Attr =	]
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/27/2008 2:04:41 PM | Attr =	]
mando'agrammar.htm -> %UserProfile%\Desktop\mando'agrammar.htm ->  [Ver =  | Size = 6095 bytes | Modified Date = 3/6/2008 9:32:59 AM | Attr =	]
MandoaupdateOct07.xls -> %UserProfile%\Desktop\MandoaupdateOct07.xls ->  [Ver =  | Size = 139776 bytes | Modified Date = 3/3/2008 4:15:14 PM | Attr =	]
McafeeRootkitDetective -> %UserProfile%\Desktop\McafeeRootkitDetective ->  [Folder | Modified Date = 2/27/2008 9:40:28 PM | Attr =	]
PMMEasyMode -> %UserProfile%\Desktop\PMMEasyMode ->  [Folder | Modified Date = 2/20/2008 7:40:08 AM | Attr =	]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 793 bytes | Modified Date = 2/27/2008 9:14:28 PM | Attr =	]
stinger.exe -> %UserProfile%\Desktop\stinger.exe -> McAfee Inc. [Ver = 3.8.0 | Size = 1953799 bytes | Modified Date = 2/27/2008 9:31:25 PM | Attr =	]
stinger.opt -> %UserProfile%\Desktop\stinger.opt ->  [Ver =  | Size = 22 bytes | Modified Date = 2/28/2008 9:22:14 AM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/9/2008 12:51:37 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 481997 bytes | Modified Date = 3/9/2008 12:51:06 PM | Attr =	]
Ahead -> %CommonProgramFiles%\Ahead ->  [Folder | Modified Date = 2/24/2008 4:46:43 PM | Attr =	]
LightScribe -> %CommonProgramFiles%\LightScribe ->  [Folder | Modified Date = 2/24/2008 4:51:16 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/27/2008 8:06:12 PM | Attr =	]

< End of report >


#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:24 AM

Posted 09 March 2008 - 06:00 PM

Hi Princess Artemis. Most of what Trend is finding are in the System Restore points. Nothing to worry about at this time (we'll clean those out later). Just don't do a System Restore lol.

Let's do a bit of cleanup.

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Non-Microsoft Only]
YY -> (gsplittm) gsplittm [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\User\LOCALS~1\Temp\gsplittm.sys
YY -> (PsSdk30) PsSdk30 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\Drivers\PsSdk30.drv
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Modified Within 30 days]
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Extra Files]
C:\Personal\downloads\codecs\
C:\WINDOWS\VirtualDNS.dll
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 Princess Artemis

Princess Artemis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 09 March 2008 - 06:39 PM

All right, here's the log--it did have to reboot. There hasn't been any especial problems so far with anything; Catalyst Control Center has stopped telling me it has to shut down right after booting up, so that's good I guess. Spybot's Tea Timer and Trend Micro requested I allow a couple registry changes on the reboot from using the fix you posted. I haven't tried attempting to install Microsoft's .NET framework updates again, but I figure I can wait on that, I can still use the programs that need it :) I'll make every effort not to need to do a system restore!

Thank you kindly for the continued help.

Explorer killed successfully
[Driver Services - Non-Microsoft Only]
Service gsplittm stopped successfully.
Service gsplittm deleted successfully.
File C:\DOCUME~1\User\LOCALS~1\Temp\gsplittm.sys not found.
Service PsSdk30 stopped successfully.
Service PsSdk30 deleted successfully.
File C:\WINDOWS\system32\Drivers\PsSdk30.drv not found.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
[Files/Folders - Modified Within 30 days]
[Extra Files]
< C:\Personal\downloads\codecs\ >
Folder C:\Personal\downloads\codecs\ not found.
< C:\WINDOWS\VirtualDNS.dll >
File/Folder C:\WINDOWS\VirtualDNS.dll not found.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\xx57 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\xx58 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\xx59 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\xx60 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\xx61 scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.4.1 fix logfile created on 03092008_161601

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:24 AM

Posted 09 March 2008 - 07:09 PM

Hi Princess Artemis. That all looks fine. Let's do some final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:
  • Start WinPFind35
    Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 Princess Artemis

Princess Artemis
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:24 PM

Posted 09 March 2008 - 07:30 PM

Thank you very much OldTimer. That program certainly killed itself thoroughly! I appreciate the help and the peace of mind, thank you again.

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:24 AM

Posted 09 March 2008 - 09:09 PM

You are very welcome Princess Artemis, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users